The FDA’s Digital Health Innovation Action Plan and Cybersecurity for Digital Healthcare

The number one issue for aging consumers is the lack of privacy around the sensitive medical information and other data that wearables like Fitbits and heart monitors collect without proper oversight. This is part of the reason for the FDA’s Digital Health Innovation Action Plan (DHIAP), which is meant to speed up the evaluation process for digital health technologies and allow the FDA to better focus on high-risk products.

As it stands, the approval process for new digital technologies can take years, even for low-risk products. Internet of things (IoT) technologies are advancing at a rapid pace, which means by the time new devices or software are approved and become available, they are often outdated. To combat this trend, the DHIAP consists of three major parts.

1. Updating legislation

The FDA will introduce new legislation that clarifies the approval process for certain types of software, such as medical device data systems, health apps, medical image storage, and general wellness products. The legislation would also expand exemptions for some software.

However, the proposed changes aren’t all moving toward a more hands-off approach. The FDA would finalize the timeline for when developers need to submit a 510(k) for software updates. They also plan to expand their authority to evaluate functions that don’t fall under their current medical device oversight. This would apply to devices that have multiple functions, some of which aren’t directly related to medical uses but have the potential to impact a device or software’s safety and effectiveness.

2. Streamlining regulations for some

A pre-certification process will clear some regulations for companies with a history of quality and organizational excellence. Unlike traditional evaluation methods, this process focuses less on individual products and more on the developers themselves. Companies would need to meet a number of objective criteria related to different factors, including software design, development, and validation.

Pre-certified companies could then market their low-risk technologies without additional FDA oversight, or at least with a more streamlined review. This will allow the FDA to more efficiently evaluate the mass of products, offering healthcare facilities and the public timely access to useful technologies.

3. Investing in experts

In order to improve the efficiency, quality, and consistency of decision making, the FDA intends to invest in new staff members who have significant experience within the digital health field. The staff will work with compliance officers, reviewers, and others within the FDA to help establish best practices throughout the evaluation process. Regularly working with a pool of experts with relevant experience will not only ensure reviewers are paying attention to crucial factors and testing them in useful ways, but it should also help to streamline the overall process.

Opportunities for cybersecurity startups

As more digital health technologies enter the marketplace, the need for cybersecurity will only continue to grow. In fact, one of the major changes in healthcare management needs is related directly to data breaches, which have increased by about 23 percent since 2015. The majority of these breaches have been targeted at small to medium-sized healthcare facilities, many of which haven’t adopted basic security policies. This gap in preparation opens the door for hackers to use medical data to sell fake identities, or to prevent medical professionals from accessing a facility’s data in order to extort money from an entire organization.

To combat the rise in breaches, cybersecurity specialists can monitor a facility’s networks closely for breaches, investigating and documenting signs of an intrusion. In addition, incorporating firewalls and data encryption software can help to protect information within electronic recordkeeping systems. Beyond these basics, cybersecurity specialists can run penetration tests, which simulate attacks on an organization’s systems in order to reveal vulnerabilities and create a response plan.

Aside from widespread breaches of patient record systems, devices such as insulin pumps and pacemakers with IoT capabilities also present significant risks. These devices can provide medical professionals with a more in-depth understanding of a patient’s condition, allowing doctors to monitor and even control the devices remotely. However, if hackers gained access to these devices, they could cause serious damage to individuals either by controlling the devices or altering the data they record.

In the rush to compete within an emerging market for IoT technologies, some companies quickly release IoT products without fully assessing the security risks or ensuring they have a plan to update software. Although initiatives like the DHIAP are designed to combat this as it relates to medical technologies, this trend includes devices for healthcare organizations as well as the general public. Because of this, cybersecurity specialists should also seek opportunities within the development and regular maintenance of security features for these technologies.

Although healthcare organizations have been slow to account for these risks and adapt to more secure practices, opportunities for cybersecurity startups are expected to see major growth during the next few years. One report suggests that the healthcare industry will invest more than $65 billion in cybersecurity products and services from 2017 to 2021, representing a 15 percent market growth. This is in contrast to the industry’s historically low investment in IT security, marking a new era for those working within cybersecurity.

In order to take advantage of this shift, cybersecurity startups should focus their attention on sustainability. Since there are drastic changes taking place within digital healthcare security, startups will need to pay close attention to local and global trends in regulations regarding new technologies. These may vary greatly and will likely continue to go through a lengthy revision process as policy makers navigate a constantly evolving industry. Adopting these regulations early will ensure that startups are prepared when initial rules become strict laws. This will also ensure a company’s ability to expand when the opportunity arises without having to make drastic changes to its practices.

With IoT technology racing forward, organizations within many industries are scrambling to keep up, and the need for cybersecurity services within healthcare will only increase from here. By paying attention to trends within regulations around the world, such as the FDA’s DHIAP, cybersecurity entrepreneurs looking to break into healthcare stand the best chance of staying ahead of hackers and data breaches.

By Devin Morrissey

About the author

Devin prides himself on being a jack of all trades; his career trajectory is more a zig zag than an obvious trend, just the way he likes it. He pops up across the Pacific Northwest, though never in one place for long. You can follow him more reliably on Twitter.
